Getting somewhat closer to releasing a new version of #swad. I now improved the functionality to execute something on a different worker thread: Use an in-memory queue, providing a #lockfree version. This gives me a consistent reliable throughput of 3000 requests/s (with outliers up to 4500 r/s) at an average response time of 350 - 400 ms (with TLS enabled). For waking up worker threads, I implemented different backends as well: kqueue, eventfd and event-ports, the fallback is still a self-pipe.

So, #portability here really means implement lots of different flavors of the same thing.

Looking at these startup logs, you can see that #kqueue (#FreeBSD and other BSDs) is really a "jack of all trades", being used for "everything" if available (and that's pretty awesome, it means one single #syscall per event loop iteration in the generic case). #illumos' (#Solaris) #eventports come somewhat close (but need a lot more syscalls as there's no "batch registering" and certain event types need to be re-registered every time they fired), they just can't do signals, but illumos offers Linux-compatible signalfd. Looking at #Linux, there's a "special case fd" for everything. 🙈 Plus #epoll also needs one syscall for each event to be registered. The "generic #POSIX" case without any of these interfaces is just added for completeness 😆

https://blog.gslin.org/archives/2025/05/29/12419/%e7%94%a8-strace-%e6%8f%9b%e6%8e%89-syscall/

用 strace 換掉 syscall

#call #debug #injection #kernel #strace #syscall

Watch out for any #Linux #malware sneakily evading #syscall-watching #antivirus

https://www.theregister.com/2025/04/29/linux_io_uring_security_flaw/

#cybersecurity #FOSS #Curing

Syscall и cgo в Go

Привет, Хабр! В этой статье рассмотрим работу с системными утилитами в Go. Будем напрямую общаться с ядром, дергать системные вызовы и писать код на C, чтобы Go не чувствовал себя одиноким.

https://habr.com/ru/companies/otus/articles/886062/

#golang #системные_утилиты #syscall #cgo

Decai decompiling a malicious shellcode.
The instructions are not so readable, if you're not used to syscalls int 0x80. AI does it for you.

https://asciinema.org/a/4PY8wn2TPg2oBdDQ0Q5bgMYjk

#r2ai #decai #r2 #malware #shellcode #syscall #linux

@ax6761 Well, you could call it an implementation glitch. #uname is *meant* to give you information about "the OS", but has always been implemented as a #syscall (dating back to early Unix versions), therefore actually tells you something about the #kernel.

In #FreeBSD, the kernel doesn't *have* to be the exact same version as the userland, and for security updates, a new kernel is only built when some patch actually affects the kernel.

Note that on a #Linux system, it's arguably even "worse", as Linux is nothing but the kernel. To know version information about the rest of your installed OS, you'll have to use distribution specific information (or more recently look at the now standardized /etc/osrelease).

I'm surprised at how badly #Ghidra decompiles this very simple function.

It's a syscall 0x57 which is unlink (remove a file).

I'm surprised it decompiles saying it *returns 0x57* ...

#decompiler #syscall #linux

On thread vs. process permissions

In common Unix and POSIX systems, all threads in a process are supposed to have the same permission. So why does the vortex8 program work as exploited, where one thread sets different permissions than another one using setresuid/setresgid?

Reference: https://man7.org/linux/man-pages/man2/setresuid.2.html

Answer in thread.

#ctf #cybersecurity #posix #linux #glibc #syscall #overthewire #vortex

Stratoshark: Computer debugging tool: like wireshark, but for system calls instead of network packets
https://stratoshark.org/
#via:hackernews #wireshark #debugging #syscall #strace #devops #linux #+

FreshyCalls: Syscalls Freshly Squeezed!

FreshyCalls is a C++ library to simplify syscalls on Windows, allowing to extract syscall numbers dynamically without depending on specific versions.

https://github.com/crummie5/FreshyCalls

#windows #syscall

when you say you cannot use kernel services or any system call for that matter because #Syscall instruction is prohibited inside the enclave. The OS is not a part of the trusted computing base(TCB) in #SGX. lets assume that syscall was enabled inside the enclave and you write instructions in assembly to execute the syscall instruction(lets say with parameters for the open system call sys_open). When you do a syscall you jump to the predefined location setup by the kernel during boot to start executing kernel code. What this means is you are jumping from code written by you(which is trusted) to code which is not written by you(OS, which is untrusted and is not a part of your TCB). If you were able to do this, it would defeat the security guarantees provided by SGX. Since the kernel/OS/any other software not written by you is untrusted, you could have a malicious kernel whose open system call reads data inside your enclave and steal your secrets.
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
https://stackoverflow.com/questions/28114746/what-does-it-implies-to-disable-syscall-in-intel-sgx

DPDK на динозаврах и гаишниках

Как часто менеджерам, дизайнерам и UX-исследователям приходится вникать в проблемы сетевого стека Linux-ядра? Подозреваю, что не часто. Но если вам пришлось это сделать, у меня хорошая новость! Я уже прошла этот путь, полный админских терминов и бесконечных аналогий, и подготовила краткое содержание в комиксах. Теперь вам не нужно будет переводить с технического на дизайнерский! Меня зовут Наташа, я UX-исследователь

https://habr.com/ru/companies/selectel/articles/858472/

#selectel #linux_kernel #syscall #kernel_bypass #dpdk #wbarticle

Useful websites with Linux kernel syscall tables for various architectures and kernel versions

https://arm64.syscall.sh

https://syscalls.mebeim.net

#Linux #syscall

Roughly two years ago I hacked together a small tool to automatically download the
#windows #docker images, extract the ntdll.dll from them and extract the #syscall numbers for that Windows version. This can be used for #shellcode and other #malware dev activities.

I've finally pushed the code to GitHub and redeployed the website.

All the data is either available in the HTML tables, or as a JSON by appending ?format=json to the URL.

Because it's just been redeployed, it's re-downloading all the images, so it will take a few hours until more Windows versions are indexed. It's now indexed more than 200 different version of ntdll.dll :)

Updated the article: Monitor file access by Linux processes

Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes. #linux #lsof #ltrace #strace #syscall

Link: https://linux-audit.com/monitor-file-access-by-linux-processes/

Feedback and boosts welcome 🤟

I want to say a big thank you to:
Radare2
Ghidra
x64dbg
Qubes OS

finally but not least; 2 more:

- hfiref0x and to hasherezade
for the extremely useful repos like SysCallTables and crypto_utils they have made

- https://github.com/hfiref0x/SyscallTables
- https://github.com/hasherezade/crypto_utils

#hfiref0x
#hasherezade
#syscalltables #syscall
#radare2 #ghidra #x64dbg #qubes #Qubes_OS

2024W07

OmniOS Stable is updated to r151048o
This update requires a reboot
https://github.com/omniosorg/omnios-build/blob/44731424e67c8aaafe5c4e500fe7c4544a22f0f6/doc/ReleaseNotes.md#r151048o-2024-02-15

OmniOS Extras updates include:
— OpenLDAP updated to 2.6.7
— VirtualBox updated to 7.0.14a
— BIND updated to 9.16.48 / 9.18.24
— Unbound updated to 1.19.1
— OpenVPN updated to 2.6.9
— Nginx updated to 1.25.4
— Listmonk updated to 3.0.0
And much more!

SmartOS 20240208T000334Z
Interesting changes include:
— bhyve returns bogus cpuid 8000_001D leaf
— update pkgsrc-setup to 20240116
— Update curl to 8.6.0
— Update OpenSSL to 3.0.13
https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20240208T000334Z

2024-02-15 bhyve Production User Call
https://www.youtube.com/watch?v=X1joWFfpTX8

Mirroring OmniOS: The Complete Guide; Part One
https://antranigv.am/posts/2024/02/omnios-mirror-one/

Booting OmniOS on Vultr
https://github.com/omniosorg/illumos-omnios/issues/1432

Migrate a FreeBSD bhyve virtual machine to OmniOS
https://www.tumfatig.net/2024/migrate-a-freebsd-bhyve-virtual-machine-to-omnios/

ZFS encryption and notification service on OmniOS
https://www.tumfatig.net/2024/zfs-encryption-and-notification-service-on-omnios/

Configure OmniOS to use an authenticated SMTP relay (smarthost)
https://www.tumfatig.net/2024/configure-omnios-to-use-an-authenticated-smtp-relay-smarthost/

Remotely install OmniOS on a Dell R620
https://www.tumfatig.net/2024/remotely-install-omnios-on-a-dell-r620/

Dealing with USB Storage devices on OmniOS
https://www.tumfatig.net/2024/dealing-with-usb-storage-devices-on-omnios/

Running OpenBSD on OmniOS using bhyve
https://www.tumfatig.net/2024/running-openbsd-on-omnios-using-bhyve/

SMB shares using OmniOS, zones and ZFS
https://www.tumfatig.net/2023/smb-shares-using-omnios-zones-and-zfs/

Add support for Emulex LPe35000/LPe36000 32Gb/64Gb fibre channel chipsets
https://www.illumos.org/issues/15391
https://github.com/illumos/illumos-gate/commit/e2d1a4340d8c7e04c758949b4fb4b1934fcf9330

Provide execvpe
https://www.illumos.org/issues/7125
https://github.com/illumos/illumos-gate/commit/a89c0811c892ec231725fe10817ef95dda813c06

Port NFSv41 base
(Allows to enable and disable NFSv4 minor versions)
https://www.illumos.org/issues/15405
https://github.com/illumos/illumos-gate/commit/f44e1126d9eae71c48c5d1de51e24750c6ec20a4

pcieadm decodes readiness time reporting
https://www.illumos.org/issues/16233
https://github.com/illumos/illumos-gate/commit/8a300ed6ab165c8d46fd165c6d8a4de8a5b0b596

Update tzdata to 2024a
https://www.illumos.org/issues/16230
https://github.com/illumos/illumos-gate/commit/e15592c8dabdb93c1b45a4785db35f013e0b49f9

illumos now recognizes QEMU/TCG as a hypervisor
https://www.illumos.org/issues/16139
https://github.com/illumos/illumos-gate/commit/2faf06a0ad863963d95ad569428e5e6e45255ab7

https://news.illumos.am/2024w07/

#bhyve #cpuid #DellR620 #Emulex #FibreChannel #FreeBSD #illumos #NFS #OfficeHours #OmniOS #OpenBSD #PCIe #pcieadm #QEMU #SmartOS #SMB #Storage #syscall #tzdata #USB #Vultr #ZFS

Учимся понимать события подсистемы аудита Linux

Приветствую всех любителей изучать новое. Меня зовут Рома, и я занимаюсь исследованием безопасности ОС Linux в экспертной лаборатории PT Expert Security Center . В рамках инициативы нашей компании по обмену экспертными знаниями с сообществом я расскажу вам об известной многим администраторам системе журналирования в Linux-подобных ОС — подсистеме аудита Linux (auditd). При должной настройке она позволяет получать полную информацию о действиях, выполняемых в операционной системе. Специалистам по информационной безопасности полезно уметь расшифровывать и обрабатывать события auditd для отслеживания потенциально вредоносной активности. В связи с этим нам потребовалось организовать для них экспертную поддержку в системе мониторинга событий ИБ и управления инцидентами MaxPatrol SIEM . Подробнее

https://habr.com/ru/companies/pt/articles/789014/

#linux #kernel #siem #audit #man #security_expert_community #системные_вызовы #syscall

Self-contained Linux applications with lone Lisp
https://www.matheusmoreira.com/articles/self-contained-lone-lisp-applications
#ycombinator #freestanding #standalone #self_contained #linux #application #system_call #syscall #lone #lisp